Skip to main content
Scanners

Build & Deploy Scanner

Detect CI/CD systems, containerization, and infrastructure-as-code.

The Build & Deploy scanner detects CI/CD systems, containerization, and infrastructure-as-code across your workspace. This intelligence supports DevOps assessments, platform migrations, and compliance audits.


Detection Categories

CI/CD Platforms

PlatformDetection Files
GitHub Actions.github/workflows/*.yml
GitLab CI.gitlab-ci.yml
Azure DevOpsazure-pipelines.yml, .azure-pipelines/
JenkinsJenkinsfile, jenkins/
CircleCI.circleci/config.yml
Travis CI.travis.yml
Bitbucket Pipelinesbitbucket-pipelines.yml

Containerization

TechnologyDetection Files
DockerDockerfile, Dockerfile.*
Docker Composedocker-compose.yml, compose.yml
Kubernetesk8s/, *.k8s.yml, deployment.yml
HelmChart.yaml, values.yml
Skaffoldskaffold.yaml

Infrastructure as Code

PlatformDetection Files
Terraform*.tf, .terraform/
Bicep*.bicep
CloudFormationtemplate.yml, cloudformation/
PulumiPulumi.yaml, Pulumi.*.yaml
CDKcdk.json
SSTsst.config.ts

Release & Versioning

ToolDetection Files
Changesets.changeset/config.json
semantic-release.releaserc, release.config.js
GitVersionGitVersion.yml
Lernalerna.json
Release Pleaserelease-please-config.json

Package Managers & Monorepo

ToolDetection Files
pnpmpnpm-workspace.yaml
npm workspacespackage.json with workspaces
Yarn workspacespackage.json with workspaces
Turborepoturbo.json
Nxnx.json, project.json

Use Cases

Platform Migration Assessment

Before migrating CI/CD platforms:

vg scan --format json | jq '.buildDeploy.ci'

Identify:

  • Number and complexity of workflows
  • Platform-specific features used
  • Secrets and variables required

Security Audit

Verify expected infrastructure patterns:

vg scan --format json | jq '.buildDeploy | {ci, iac, containers}'

Multi-Repo Analysis

Across multiple repositories, aggregate to find:

  • Inconsistent CI/CD choices
  • Missing containerization
  • IaC adoption gaps

Example Output

{
  "buildDeploy": {
    "ci": {
      "platforms": ["github-actions"],
      "workflows": [
        {
          "file": ".github/workflows/ci.yml",
          "triggers": ["push", "pull_request"],
          "jobs": ["test", "build", "deploy"]
        },
        {
          "file": ".github/workflows/release.yml",
          "triggers": ["release"],
          "jobs": ["publish"]
        }
      ]
    },
    "containers": {
      "docker": true,
      "dockerCompose": true,
      "kubernetes": false,
      "helm": false,
      "dockerfiles": [
        { "path": "Dockerfile", "baseImage": "node:20-alpine" },
        { "path": "Dockerfile.dev", "baseImage": "node:20" }
      ]
    },
    "iac": {
      "terraform": true,
      "bicep": false,
      "cloudformation": false,
      "files": ["infra/main.tf", "infra/variables.tf"]
    },
    "release": {
      "tool": "changesets",
      "configFile": ".changeset/config.json"
    },
    "monorepo": {
      "tool": "turborepo",
      "workspaces": ["apps/*", "packages/*"]
    },
    "packageManager": {
      "name": "pnpm",
      "version": "8.14.0"
    }
  }
}

Related Documentation